From 243249614a65b966095543eb37c154c446b84b84 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 15 Dec 2022 16:57:45 +0100 Subject: update to 1.29.0 drop patches merged upstream --- unit-github639.patch | 55 ------------------------------------------------ unit-openssl3.patch | 59 ---------------------------------------------------- unit-syspol.patch | 32 ---------------------------- unit.spec | 21 ++++++------------- 4 files changed, 6 insertions(+), 161 deletions(-) delete mode 100644 unit-github639.patch delete mode 100644 unit-openssl3.patch delete mode 100644 unit-syspol.patch diff --git a/unit-github639.patch b/unit-github639.patch deleted file mode 100644 index a06e79c..0000000 --- a/unit-github639.patch +++ /dev/null @@ -1,55 +0,0 @@ -# HG changeset patch -# User Zhidao HONG -# Date 1645410293 -28800 -# Mon Feb 21 10:24:53 2022 +0800 -# Node ID 5419d81ccd877b80249bfee71e37b122a68eda6d -# Parent 00faecc2c4b6ad1bddb5b4d083e415851e9f93b1 -Improved realloc() wrapper. - -This closes #639 issue on Github. - -diff -r 00faecc2c4b6 -r 5419d81ccd87 src/nxt_malloc.c ---- a/src/nxt_malloc.c Tue Feb 15 21:43:02 2022 +0000 -+++ b/src/nxt_malloc.c Mon Feb 21 10:24:53 2022 +0800 -@@ -61,6 +61,33 @@ nxt_zalloc(size_t size) - } - - -+#if (NXT_DEBUG) -+ -+void * -+nxt_realloc(void *p, size_t size) -+{ -+ void *n; -+ uintptr_t ptr; -+ -+ ptr = (uintptr_t) p; -+ -+ n = realloc(p, size); -+ -+ if (nxt_fast_path(n != NULL)) { -+ nxt_log_debug(nxt_malloc_log(), "realloc(%p, %uz): %p", ptr, size, n); -+ -+ } else { -+ nxt_log_alert_moderate(&nxt_malloc_log_moderation, nxt_malloc_log(), -+ "realloc(%p, %uz) failed %E", -+ ptr, size, nxt_errno); -+ } -+ -+ return n; -+} -+ -+ -+#else -+ - void * - nxt_realloc(void *p, size_t size) - { -@@ -80,6 +107,8 @@ nxt_realloc(void *p, size_t size) - return n; - } - -+#endif /* NXT_DEBUG */ -+ - - /* nxt_lvlhsh_* functions moved here to avoid references from nxt_lvlhsh.c. */ diff --git a/unit-openssl3.patch b/unit-openssl3.patch deleted file mode 100644 index 38f2587..0000000 --- a/unit-openssl3.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 988aa2115ec67111e8a124d4d6c0abccb63db05f Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Thu, 18 Nov 2021 17:47:39 +0100 -Subject: [PATCH 1/2] use ERR_get_error_all with openssl 3 - ---- - src/nxt_openssl.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c -index 1e08015e..22242538 100644 ---- a/src/nxt_openssl.c -+++ b/src/nxt_openssl.c -@@ -14,7 +14,6 @@ - #include - #include - -- - typedef struct { - SSL *session; - nxt_conn_t *conn; -@@ -1781,7 +1780,11 @@ nxt_openssl_copy_error(u_char *p, u_char *end) - clear = 0; - - for ( ;; ) { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ err = ERR_get_error_all(NULL, NULL, NULL, &data, &flags); -+#else - err = ERR_get_error_line_data(NULL, NULL, &data, &flags); -+#endif - if (err == 0) { - break; - } - -From 22ad9572ccb3b5f0d49219290e1f92911836cb8d Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Thu, 18 Nov 2021 17:48:19 +0100 -Subject: [PATCH 2/2] temporarily ignore openssl 3 deprecations - ---- - src/nxt_openssl.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c -index 22242538..606cdadf 100644 ---- a/src/nxt_openssl.c -+++ b/src/nxt_openssl.c -@@ -14,6 +14,11 @@ - #include - #include - -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+/* TODO removed when SSL_CTX_set_tlsext_ticket_key_cb updated to SSL_CTX_set_tlsext_ticket_key_evp_cb */ -+# pragma GCC diagnostic ignored "-Wdeprecated-declarations" -+#endif -+ - typedef struct { - SSL *session; - nxt_conn_t *conn; diff --git a/unit-syspol.patch b/unit-syspol.patch deleted file mode 100644 index 1ab0ddf..0000000 --- a/unit-syspol.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up ./src/nxt_openssl.c.syspol ./src/nxt_openssl.c ---- ./src/nxt_openssl.c.syspol 2021-08-19 16:52:54.000000000 +0200 -+++ ./src/nxt_openssl.c 2021-08-24 07:43:45.844605992 +0200 -@@ -278,7 +278,7 @@ nxt_openssl_server_init(nxt_task_t *task - nxt_tls_init_t *tls_init, nxt_bool_t last) - { - SSL_CTX *ctx; -- const char *ciphers, *ca_certificate; -+ const char *ca_certificate; - nxt_tls_conf_t *conf; - STACK_OF(X509_NAME) *list; - nxt_tls_bundle_conf_t *bundle; -@@ -339,13 +339,13 @@ nxt_openssl_server_init(nxt_task_t *task - } - */ - -- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; -- -- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { -- nxt_openssl_log_error(task, NXT_LOG_ALERT, -+ if (conf->ciphers) { /* else use system crypto policy */ -+ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) { -+ nxt_openssl_log_error(task, NXT_LOG_ALERT, - "SSL_CTX_set_cipher_list(\"%s\") failed", -- ciphers); -- goto fail; -+ conf->ciphers); -+ goto fail; -+ } - } - - #if (NXT_HAVE_OPENSSL_CONF_CMD) diff --git a/unit.spec b/unit.spec index 13c7bcd..e017813 100644 --- a/unit.spec +++ b/unit.spec @@ -11,12 +11,12 @@ %global gh_owner nginx %global project unit -%global gh_commit 38bd7e76a134084ab95a4ee3125af1ccd7b35864 +%global gh_commit 87a1a9c0d275c6869e50bc9f3dfca1227ec54868 %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) Name: unit Summary: NGINX Unit application server -Version: 1.28.0 +Version: 1.29.0 Release: 1%{?dist} License: ASL 2.0 URL: https://unit.nginx.org/ @@ -27,16 +27,6 @@ Source2: unit.init Source3: unit.sysconf Source4: unit.logrotate -# Use system crypto policy -# https://github.com/nginx/unit/pull/215 -Patch0: %{project}-syspol.patch -# Workaround for OpenSSL 3.0 -# https://github.com/nginx/unit/pull/598 -Patch1: %{project}-openssl3.patch -# Workaround use-afer-free -# https://github.com/nginx/unit/issues/639 -Patch2: %{project}-github639.patch - BuildRequires: make BuildRequires: gcc BuildRequires: openssl-devel @@ -69,9 +59,6 @@ Library and include files required for NGINX Unit modules development. %prep %setup -qn %{project}-%{gh_commit} -%patch0 -p1 -b .syspol -%patch1 -p1 -b .openssl3 -%patch2 -p1 -b .gcc12 cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config @@ -195,6 +182,10 @@ BANNER %changelog +* Thu Dec 15 2022 Remi Collet - 1.29.0-1 +- update to 1.29.0 +- drop patches merged upstream + * Tue Sep 13 2022 Remi Collet - 1.28.0-1 - update to 1.28.0 -- cgit